static PeerSecurityCredentialsManager GetCredentialsManager(PeerAuthenticationMode mode, bool signing, BindingContext context)
{
if (mode == PeerAuthenticationMode.None && !signing)
{
return(null);
}
ClientCredentials clientCredentials = context.BindingParameters.Find <ClientCredentials>();
if (clientCredentials != null)
{
return(new PeerSecurityCredentialsManager(clientCredentials.Peer, mode, signing));
}
ServiceCredentials serviceCredentials = context.BindingParameters.Find <ServiceCredentials>();
if (serviceCredentials != null)
{
return(new PeerSecurityCredentialsManager(serviceCredentials.Peer, mode, signing));
}
SecurityCredentialsManager credman = context.BindingParameters.Find <SecurityCredentialsManager>();
if (credman == null)
{
PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Credentials);
}
return(new PeerSecurityCredentialsManager(credman.CreateSecurityTokenManager(), mode, signing));
}
public PeerClientSecurityTokenManager(PeerSecurityManager parent, SecurityTokenManager manager, PeerAuthenticationMode mode, bool messageAuth)
{
this.delegateManager = manager;
this.mode = mode;
this.messageAuth = messageAuth;
this.parent = parent;
}
public PeerSecurityCredentialsManager(PeerCredential credential, PeerAuthenticationMode mode, bool messageAuth)
: base()
{
this.credential = credential;
this.mode = mode;
this.messageAuth = messageAuth;
}
public PeerSecurityCredentialsManager(SecurityTokenManager manager, PeerAuthenticationMode mode, bool messageAuth)
{
this.mode = PeerAuthenticationMode.Password;
this.manager = manager;
this.mode = mode;
this.messageAuth = messageAuth;
}
public PeerSecurityCredentialsManager(SecurityTokenManager manager, PeerAuthenticationMode mode, bool messageAuth)
: base()
{
this.manager = manager;
this.mode = mode;
this.messageAuth = messageAuth;
}
private static void ValidateCredentialSettings(PeerAuthenticationMode authenticationMode, bool signMessages, PeerCredential credential)
{
if ((authenticationMode != PeerAuthenticationMode.None) || signMessages)
{
X509CertificateValidator validator;
switch (authenticationMode)
{
case PeerAuthenticationMode.Password:
if (string.IsNullOrEmpty(credential.MeshPassword))
{
PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Password);
}
break;
case PeerAuthenticationMode.MutualCertificate:
if (credential.Certificate == null)
{
PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Certificate);
}
if (!credential.PeerAuthentication.TryGetCertificateValidator(out validator))
{
PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.PeerAuthentication);
}
break;
}
if (signMessages && !credential.MessageSenderAuthentication.TryGetCertificateValidator(out validator))
{
PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.MessageSenderAuthentication);
}
}
}
public PeerSecurityCredentialsManager(PeerCredential credential, PeerAuthenticationMode mode, bool messageAuth)
{
this.mode = PeerAuthenticationMode.Password;
this.credential = credential;
this.mode = mode;
this.messageAuth = messageAuth;
}
public PeerClientSecurityTokenManager(PeerSecurityManager parent, PeerCredential credential, PeerAuthenticationMode mode, bool messageAuth)
{
this.credential = credential;
this.mode = mode;
this.messageAuth = messageAuth;
this.parent = parent;
}
static public PeerSecurityManager Create(PeerSecuritySettings security, BindingContext context, XmlDictionaryReaderQuotas readerQuotas)
{
PeerAuthenticationMode authMode = PeerAuthenticationMode.None;
bool signing = false;
Convert(security, out authMode, out signing);
return(Create(authMode, signing, context, readerQuotas));
}
internal bool Equals(PeerCredential that, PeerAuthenticationMode mode, bool messageAuthentication)
{
if (messageAuthentication)
{
if (!this.SameAuthenticators(this.MessageSenderAuthentication, that.messageSenderAuthentication))
{
return(false);
}
if (((this.Certificate != null) && (that.Certificate != null)) && !this.Certificate.Equals((X509Certificate)that.Certificate))
{
return(false);
}
}
switch (mode)
{
case PeerAuthenticationMode.None:
return(true);
case PeerAuthenticationMode.Password:
if (this.MeshPassword.Equals(that.MeshPassword))
{
if ((this.Certificate == null) && (that.Certificate == null))
{
return(true);
}
if ((this.Certificate != null) && this.Certificate.Equals((X509Certificate)that.Certificate))
{
break;
}
return(false);
}
return(false);
case PeerAuthenticationMode.MutualCertificate:
if (this.Certificate.Equals((X509Certificate)that.Certificate))
{
if (!this.SameAuthenticators(this.PeerAuthentication, that.PeerAuthentication))
{
return(false);
}
break;
}
return(false);
}
return(true);
}
internal bool Equals(PeerCredential that, PeerAuthenticationMode mode, bool messageAuthentication)
{
if (messageAuthentication)
{
if (!this.SameAuthenticators(this.MessageSenderAuthentication, that.messageSenderAuthentication))
{
return false;
}
if (((this.Certificate != null) && (that.Certificate != null)) && !this.Certificate.Equals((X509Certificate) that.Certificate))
{
return false;
}
}
switch (mode)
{
case PeerAuthenticationMode.None:
return true;
case PeerAuthenticationMode.Password:
if (this.MeshPassword.Equals(that.MeshPassword))
{
if ((this.Certificate == null) && (that.Certificate == null))
{
return true;
}
if ((this.Certificate != null) && this.Certificate.Equals((X509Certificate) that.Certificate))
{
break;
}
return false;
}
return false;
case PeerAuthenticationMode.MutualCertificate:
if (this.Certificate.Equals((X509Certificate) that.Certificate))
{
if (!this.SameAuthenticators(this.PeerAuthentication, that.PeerAuthentication))
{
return false;
}
break;
}
return false;
}
return true;
}
static public PeerSecurityManager Create(PeerAuthenticationMode authenticationMode, bool signMessages, BindingContext context, XmlDictionaryReaderQuotas readerQuotas)
{
if (authenticationMode == PeerAuthenticationMode.None && !signMessages)
{
return(CreateDummy());
}
// test FIPS mode
if (authenticationMode == PeerAuthenticationMode.Password)
{
try
{
using (HMACSHA256 algo = new HMACSHA256())
{
using (SHA256Managed sha = new SHA256Managed()) { }
}
}
catch (InvalidOperationException e)
{
DiagnosticUtility.TraceHandledException(e, TraceEventType.Information);
PeerExceptionHelper.ThrowInvalidOperation_InsufficientCryptoSupport(e);
}
}
ChannelProtectionRequirements reqs = context.BindingParameters.Find <ChannelProtectionRequirements>();
PeerSecurityCredentialsManager credman = GetCredentialsManager(authenticationMode, signMessages, context);
if (credman.Credential != null)
{
//for compatibility with existing code:
ValidateCredentialSettings(authenticationMode, signMessages, credman.Credential);
}
PeerSecurityManager manager = Create(authenticationMode, signMessages, credman, reqs, readerQuotas);
credman.Parent = manager;
manager.ApplyAuditBehaviorSettings(context);
return(manager);
}
static void Convert(PeerSecuritySettings security, out PeerAuthenticationMode authMode, out bool signing)
{
authMode = PeerAuthenticationMode.None;
signing = false;
if (security.Mode == SecurityMode.Transport || security.Mode == SecurityMode.TransportWithMessageCredential)
{
switch (security.Transport.CredentialType)
{
case PeerTransportCredentialType.Password:
authMode = PeerAuthenticationMode.Password;
break;
case PeerTransportCredentialType.Certificate:
authMode = PeerAuthenticationMode.MutualCertificate;
break;
}
}
if (security.Mode == SecurityMode.Message || security.Mode == SecurityMode.TransportWithMessageCredential)
{
signing = true;
}
}
PeerSecurityManager(PeerAuthenticationMode authMode, bool signing)
{
this.authenticationMode = authMode;
this.enableSigning = signing;
thisLock = new object();
}
static public PeerSecurityManager Create(PeerAuthenticationMode authenticationMode, bool messageAuthentication, PeerSecurityCredentialsManager credman, ChannelProtectionRequirements reqs, XmlDictionaryReaderQuotas readerQuotas)
{
PeerSecurityManager manager = null;
X509CertificateValidator connectionValidator = null;
X509CertificateValidator messageValidator = null;
PeerCredential credential = credman.Credential;
if (null == credential && credman == null)
{
if (authenticationMode != PeerAuthenticationMode.None || messageAuthentication)
{
PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Credentials);
}
//create one that doesnt have any credentials in it.
return(CreateDummy());
}
manager = new PeerSecurityManager(authenticationMode, messageAuthentication);
manager.credManager = credman;
manager.password = credman.Password;
manager.readerQuotas = readerQuotas;
if (reqs != null)
{
manager.protection = new ChannelProtectionRequirements(reqs);
}
manager.tokenManager = credman.CreateSecurityTokenManager();
if (credential == null)
{
return(manager);
}
switch (authenticationMode)
{
case PeerAuthenticationMode.None:
break;
case PeerAuthenticationMode.Password:
{
manager.password = credential.MeshPassword;
if (String.IsNullOrEmpty(manager.credManager.Password))
{
PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Password);
}
connectionValidator = X509CertificateValidator.None;
}
break;
case PeerAuthenticationMode.MutualCertificate:
{
if (manager.credManager.Certificate == null)
{
PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Certificate);
}
if (!credential.PeerAuthentication.TryGetCertificateValidator(out connectionValidator))
{
PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.PeerAuthentication);
}
}
break;
}
if (messageAuthentication)
{
if (credential.MessageSenderAuthentication != null)
{
if (!credential.MessageSenderAuthentication.TryGetCertificateValidator(out messageValidator))
{
PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.MessageSenderAuthentication);
}
}
else
{
PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.MessageSenderAuthentication);
}
}
return(manager);
}
public PeerClientSecurityTokenManager(PeerSecurityManager parent, SecurityTokenManager manager, PeerAuthenticationMode mode, bool messageAuth)
{
this.delegateManager = manager;
this.mode = mode;
this.messageAuth = messageAuth;
this.parent = parent;
}
public PeerSecurityCredentialsManager()
{
this.mode = PeerAuthenticationMode.Password;
}
public static PeerSecurityManager Create(PeerAuthenticationMode authenticationMode, bool messageAuthentication, PeerSecurityCredentialsManager credman, ChannelProtectionRequirements reqs, XmlDictionaryReaderQuotas readerQuotas)
{
PeerSecurityManager manager = null;
X509CertificateValidator none = null;
X509CertificateValidator validator2 = null;
PeerCredential credential = credman.Credential;
if ((credential == null) && (credman == null))
{
if ((authenticationMode != PeerAuthenticationMode.None) || messageAuthentication)
{
PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Credentials);
}
return(CreateDummy());
}
manager = new PeerSecurityManager(authenticationMode, messageAuthentication)
{
credManager = credman,
password = credman.Password,
readerQuotas = readerQuotas
};
if (reqs != null)
{
manager.protection = new ChannelProtectionRequirements(reqs);
}
manager.tokenManager = credman.CreateSecurityTokenManager();
if (credential != null)
{
switch (authenticationMode)
{
case PeerAuthenticationMode.Password:
manager.password = credential.MeshPassword;
if (string.IsNullOrEmpty(manager.credManager.Password))
{
PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Password);
}
none = X509CertificateValidator.None;
break;
case PeerAuthenticationMode.MutualCertificate:
if (manager.credManager.Certificate == null)
{
PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.Certificate);
}
if (!credential.PeerAuthentication.TryGetCertificateValidator(out none))
{
PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.PeerAuthentication);
}
break;
}
if (messageAuthentication)
{
if (credential.MessageSenderAuthentication != null)
{
if (!credential.MessageSenderAuthentication.TryGetCertificateValidator(out validator2))
{
PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.MessageSenderAuthentication);
}
return(manager);
}
PeerExceptionHelper.ThrowArgument_InsufficientCredentials(PeerPropertyNames.MessageSenderAuthentication);
}
}
return(manager);
}
public PeerSecurityCredentialsManager()
{
this.mode = PeerAuthenticationMode.Password;
}
public PeerClientSecurityTokenManager(PeerSecurityManager parent, PeerCredential credential, PeerAuthenticationMode mode, bool messageAuth)
{
this.credential = credential;
this.mode = mode;
this.messageAuth = messageAuth;
this.parent = parent;
}
